(57) Abstract

A secure computer controlling access to data storage devices via a card
reader. A microprocessor-controlled card reader interface logically
connected to the card reader and the central processing unit (CPU) of the
computer reads and writes information from and to a card placed in the card
reader and performs additional functions in response to commands received
from the CPU. The card reader interface includes an encryption engine for
encrypting data in a data storage device and a boot ROM containing
verification program code executed during an initialization procedure. The
verification program verifies that a valid user card has been placed in the
card reader, reads one or more questions from the user card, asks the
questions of the user and verifies the answers against the contents of the
card. If authorization is verified, the card reader interface permits the
user to access the encrypted data. Otherwise, the user is denied access to
the data by one or more of the following methods: freezing the system bus,
and requiring the user to reset the computer and re-enter the verification
program; logically destroying the data in the data storage devices; and
physically destroying the data storage devices.








WO 95/24696

PCT/US95/02579

PREBOOT PROTECTION FOR A DATA SECURITY SYSTEM

Technical Field of the Invention

The present invention pertains generally to computer security
systems, and more particularly to a microprocessor-controlled system for
controlling user access to and dissemination of secure data stored in a secure
computer.

Background of the Invention

There has been an enormous increase in the use of computers
for processing and storing sensitive information in a wide variety of
commercial and government applications. Computer systems have evolved
from large systems with restricted access to small systems which may be
portable and easily accessed by several users. As computers have become
more easily accessible and as demand for easy computer access has spread,
there has been a greater need for the protection of sensitive data.

One method for securing access to computer systems is to
restrict the physical access to the computer system, however, such restriction
is inefficient for typical computer system installations which favor shared
access and increased portability. The cost of securing computer systems by
restricting physical access is also prohibitive.

Another method for providing security of sensitive data is to
use a program to restrict access to the computer system. However, this
method has drawbacks. For instance, an unauthorized user can often bypass
the security program or routines which invoke the security program to gain
access to the computer system. Even if the security program proves to be
difficult to bypass, the unauthorized user can simply remove the information
stored in the computer by removing the memory or monitoring the data bus.
For example, a hard drive could be removed from the computer and installed
in another computer to read the contents of the hard drive.

To prevent such unauthorized access and retrieval of sensitive
information, sensitive data may be destroyed either logically or physically.
Logical destruction requires that any data destroyed be unintelligible to
another user after the destruction process has taken place. The storage media
will typically still be reusable. An example of a logical destruction program
is a program which erases the sensitive files on a hard drive when an
unauthorized access is detected. Physical data destruction, on the other hand,
requires catastrophic destruction of the storage media to ensure that the
contents in the storage media are irretrievably lost.

In some applications the program destroying the logical data
fails to completely destroy the data and advanced data retrieval techniques
may be employed to recover traces of logically destroyed information. For
example, information on a hard drive of a computer may be recovered by
methods which detect previously written and erased binary words from trace
magnetic remnants of the words. If the logical destruction methods are only
partially effective, physical destruction techniques may also be required to
ensure that the data is destroyed and cannot be recovered.

It may be desirable to restrict access to particular peripheral
devices on a computer or workstation, rather than restricting access to the
entire computer system. Modern computer security systems fail to provide
such restricted access.

Therefore, there is a need in the art for a computer security
system which prohibits unauthorized access and which is not vulnerable to
bypass yet maintains the portability and flexibility inherent in a modern
computer system. There is a further need to provide complete protection of
sensitive data such that the data may not be recovered by bypassing the data
protection system or by physical removal of data storage devices. Finally, the
system must also provide complete destruction of sensitive data to prevent
retrieval of data traces.

Summary of the Invention

To overcome these and other shortcomings and limitations in
the art which will become apparent to those skilled in the art upon reading
and understanding the following detailed description, the present invention
provides a system for controlling access to sensitive information on a
computer without compromising the security of sensitive data. The present
invention restricts computer access to authorized users. In addition, it detects
attempts to imitate an authorized user to gain access. Further, the present
invention provides for configurable logical and physical destruction of
sensitive data, and provides means for adjusting the threshold requirement for
destruction and the level of destruction to suit the degree of security required
for the information stored on the computer. Finally, the present invention
provides a means, under the control of a centralized authorization security
administrator, for limiting access to portions of the overall computer system
depending on the access privileges configured for each individual user.

In one embodiment of the present invention, a microprocessor-
controlled card reader interface logically connected to the CPU of the
computer reads and writes information from and to an integrated circuit card
("card" or "smart card") placed in the card reader. The information read is
presented to the CPU to determine whether the user is authorized to use the
computer; the CPU then specifies which peripherals the user is authorized to
access. A card reader interface board logically connected to the data and
address buses of a computer monitors the address bus of the computer and
restricts access to the data storage devices and configurable ports in the
system and executes a special verification program to verify authorization of
the user.

According to one embodiment of the present invention, when a
valid user card is placed in the card reader one or more questions are read
from the card and displayed to the user. The user's responses are compared to
the correct answers stored on the card and, if the responses match the correct
answers, the CPU is allowed to access all peripherals the user has been
authorized to use. Computer security is improved by coordinating
identification information received from the card, user, and computer RAM to
ensure proper verification. The system requires that the same card, user, and
computer be used to control access.

In one embodiment of this invention, the system provides for a
method of initializing and authorizing a user card with a security administrator
card. Upon a valid security administrator card being placed in the card
reader, a security administrator initializes and authorizes one or more
individual user cards by selecting from a list of menu options displayed to the
security administrator. The security administrator inputs a list of questions
and answers which are then stored on the user card for use during the
verification procedure.

In one embodiment of the present invention, the system
provides for a hierarchy of access privileges by encoding access codes directly
on the card which allow users with superior access privileges to access data
on computers of users with inferior access privileges. The same coding
system prevents the users with inferior access privileges from accessing the
computers of those with superior access privilege.

In one embodiment of the present invention, the system
provides for the physical or logical destruction of data in response to
unauthorized attempts by a user to violate the physical or logical integrity of
the computer system. The physical and logical destruction of data may be
disabled for maintenance or configuration purposes by use of a maintenance
card.

The preceding and other features and advantages of the
invention will become further apparent from the detailed description that
follows. This description is accompanied by a set of drawing figures.
Numerals are employed throughout the written description and the drawings to
point out the various features of this invention, like numerals referring to like
features throughout.

Brief Description of the Drawings

In the drawings, where like numerals describe like components
throughout the several views:

FIGURE 1A is a perspective view of a first embodiment of a
secure computer system implemented according to the present invention;

FIGURE 1B is a block diagram showing the high-level
architecture of a first embodiment of a secure computer system implemented
according to the present invention;

FIGURE 1C is an electrical block diagram showing the
microprocessor-controlled card reader interface for a first embodiment of a
secure computer system according to the present invention;

FIGURE 1D is a perspective view of a second embodiment of a
secure computer system implemented according to the present invention;

FIGURE 1E is a perspective view of a third embodiment of a
secure computer system implemented according to the present invention;

FIGURE 2A is a block diagram of a computer system with a
hard drive and interface board;

FIGURE 2B is a block diagram showing how a computer
system with hard drive is modified to create a secure computer system
according to a second embodiment of the present invention;

FIGURE 3 is a block diagram showing the high level
architecture of a secure computer system according to a second embodiment
of the present invention;

FIGURE 4 is a block diagram showing the high level
architecture of one embodiment of the control ASIC shown in FIGURE 3;

FIGURE 5 shows a block diagram illustrating the operation of
one embodiment of the data steering network shown in FIGURE 3;

FIGURE 6 is a block diagram showing the loader program and
verification program resident in the read only memory (ROM) of one
embodiment of the card reader interface board of FIGURE 3;

FIGURES 7A, 7B, 7C, and 7D are a flow diagram showing
program steps taken to initialize and execute the security portion of a secure
computer system program according to the present invention;

FIGURE 8 is a block diagram showing a hierarchy of access
for users of a secure computer system; and

FIGURE 9A and FIGURE 9B illustrate a pictorial display of
one embodiment of a mounting scheme used to co-locate a card reader and
hard drive.




Detailed Specification of the Preferred Embodiments

In the following detailed description of the preferred
embodiments, reference is made to the accompanying drawings which form a
part hereof, and in which is shown by way of illustration specific
embodiments in which the invention may be practiced. It is to be understood
that other embodiments may be utilized and structural changes may be made
without departing from the scope of the present invention.

FIGURE 1A shows the components of a computer system to be
secured with a card reader interface according to a first embodiment of the
present invention. This embodiment was shown in U.S. Patent No. 5,327,497,
issued July 5, 1994, by Mooney, et al. The computer system includes a
keyboard 101 by which a user may input data into the system, a computer
chassis 103 which holds electrical components and peripherals, a screen
display 105 by which information is displayed to the user, and a pointing
device 107, the system components logically connected to each other via the
internal system bus of the computer. A card reader 111 is connected to the
secure computer system via card reader interface board 109. The preferred
card reader 111 is an Amphenol® "Chipcard" acceptor device, part number
702-10M008 5392 4794, which is compatible with International Standards
Organization (ISO) specification 7816, although one skilled in the art would
readily recognize that other card reader devices which conform to ISO 7816
may be substituted.

In order for the computer system to be secured, a card reader
interface is integrated into the computer system in a manner similar to that as
revealed in FIGURE 1B. A card reader interface board 109 contains a
microprocessor 116 connected to the CPU of the computer via a second data
bus 117, connected to RAM 127 via a third data bus 131, and connected to
the card reader 111 via a fourth data bus 133. The interface board 109 is
typically implemented with printed circuit board technology, although other
equivalent technologies may be substituted without loss of generality.
Peripherals 121 within computer 103 are controlled by the CPU 123 and PLD
129 with a power control circuit 119, which turns power off and on to
peripherals 121. A system boot ROM 126 is logically connected to the CPU
123 to start executing a non-volatile program contained in PLD 129 upon
initialization of the computer during power-up, clear, or warm-boot reset.
An IC card 115 is used in conjunction with card reader 111.
The preferred card 115 is a MICRO CARD® or GEMPLUS® card (for
example, Scot 100, TB100, or COS IC cards), which is compatible with ISO
7816. By conforming to this standard, the card 115 enables the support of
Data Encryption Standard (DES) data encryption and decryption functions.
One skilled in the art would readily recognize that other cards which conform
to this standard and provide data encryption and decryption functions may be
substituted. The ability to encrypt and decrypt data is important, since the
present invention is designed to ensure that unencrypted sensitive data does
not reside in the CPU where it could be read by an unauthorized user.

The schematic for card reader interface 109 is described in
greater detail in FIGURE 1C. Microprocessor 116 is powered by circuit 135,
and controls system functions via connections to the system data bus 125.
System resets are initiated by clear line 137. Validation and authorization
information is transferred between the microprocessor 116 and RAM 127 via
the third data bus 131 in conjunction with address or data select line 141,
strobe line 143, and chip select line 145. Backup power is provided for RAM
127 by a +5 volt lithium battery 139.

The microprocessor 116 communicates with system data bus
125 as a serial communications device using CTS line 147, DTR line 149, 10
MHz clock line 151, serial data out line 153, and serial data in line 155. A
separate 3.5 MHz clock line 157 is used to provide a clock signal to PLD
129, which is used by the microprocessor 116 for card reset control via line
159, card serial data control via line 161, and card interrupt control via line
163. The PLD 129 in turn connects to the card via card serial data contact
177, card clock contact 179, and card reset contact 181.

Microprocessor 116 also has the ability to control the physical
destruction of data within the computer system via line 165. A physical
destruction device may be triggered using line 165 as a destruct signal. For
example, line 165 may be connected to a mechanism containing a chemical
solution which is sprayed onto a hard disk contained in the secure computer
system when an unauthorized user attempts to violate the physical or logical
integrity of the computer system. Several destruct mechanisms are taught in
the prior art, and one of ordinary skill in the art would recognize that other
equivalent destruction chemicals and mechanisms may be substituted without
loss of generality.

The microprocessor 116 uses power control line 173 with
switch 171 and +5 volt relay 175 to provide power to the card via card logic
voltage supply contact 183 and card programming contact 187. The card is
grounded via card ground contact 185, and detected by applying power
through card detect power contact 191 to microprocessor 116 by card detect
contact 189. Card contacts 193 and 195 and line 197 are reserved for future
use.

FIGURE 1D shows the components of a second embodiment of
a secure computer system according to the present invention. Secure
computer system 100 includes a keyboard 101 by which a user may input data
into the system, a computer chassis 103 which holds electrical components
and peripherals, a screen display 105 by which information is displayed to the
user, a secure hard drive 113, and a pointing device 107, the system
components logically connected to each other via the internal system bus of
the computer. A card reader 111 is connected to the secure computer system
via card reader interface board 109. As in the first embodiment, the preferred
card reader 111 is an Amphenol® "Chipcard" acceptor device, part number
702-10M008 5392 4794, which is compatible with International Standards
Organization (ISO) 7816 specifications. One skilled in the art would readily
recognize, however, that other card reader devices which conform to ISO
7816 may be substituted. FIGURE 1D shows card reader 111 and secure hard
drive 113 co-located in a single peripheral bay. Other mounting techniques
are available, however, which would not modify the scope of the present
invention, for example, positioning card reader 111 externally as shown in
FIGURE 1E.

FIGURES 2A and 2B illustrate the modifications required of a
standard personal computer system 705 in order to create a secure computer
system 100 according to the present invention. FIGURE 2A is a simplified
block diagram of a computer system 705 commonly found in the prior art.
Central processing unit (CPU) 290 is connected to dedicated hard drive
controller logic 710 which serves as an interface for the computer system to
hard drive 113. Typically, hard drive controller logic 710 is a printed circuit
board which is installed in the backplane or integrated into the motherboard of
computer 100, and hard drive controller logic 710 is connected to hard drive
113 using a multiconductor cable 720. Hard drive 113 may be mounted
externally to computer 705, or internally.

FIGURE 2B shows how the standard personal computer 705 is
converted to a secure computer system according to one embodiment of the
present invention. In FIGURE 2B, secure computer system 100 is formed by
adding integrated circuit (IC) card 115 and attaching card reader 111, cable
730, and card reader interface board 109 to system 705. Card reader 111 may
be added to the system by removing cable 720 from hard drive 113 and
connecting it to card reader interface board 109, then connecting card reader
111 to card reader interface board 109 via cable 731. Hard drive 113 is
connected to card reader interface board 109 using cable 730.

Card reader 111 acts in concert with card reader interface board
109 to limit access to sensitive data stored both on hard drive 113 and card
reader interface board 109. Integrated circuit card 115 is preprogrammed with
information used to verify that the user is authorized to access the sensitive
data stored on hard drive 113. Security for sensitive data stored on hard drive
113 is provided by requiring a minimum of three distinct sources of
authorization verification information in order to access the sensitive data. In
order to gain access to the sensitive information stored on hard drive 113,
both card 115 and card reader interface board 109 must present proper
identification information and the user must enter a series of predetermined
answers to a series of predetermined questions. If any of the sources of
identification information is incorrect, board 109 may prevent access to the
secure computer system 100 by freezing the system bus 292 (requiring cycling
of the system power to reset secure computer system 100), logically
destroying any sensitive data on the system, or physically destroying the
storage devices containing sensitive information.

The details of one embodiment of the present invention will be
specified in greater detail using the following figures. FIGURE 3 is a detailed
electrical block diagram of the secure computer system 100 of FIGURE 2B,
showing connections between card reader interface board 109, card reader
111, secure hard drive 113, and central processing unit (CPU) 290. In the
present invention, independent, dedicated data buses are employed such that
card reader interface board 109 communicates with card reader 111 via card
reader bus 225, hard drive 113 via hard drive bus 272, and CPU 290 via hard
drive controller logic 710 and system bus 292. (Hard drive bus 272 is
analogous to cable 730 of FIGURE 2B and system bus 292 is analogous to
cable 731 of FIGURE 2B.) The utilization of independent dedicated data
buses for communications with card reader 111, hard drive 113, and CPU 290
decreases the chances for retrieval of sensitive data and encryption
information, since system bus 292 transfers only unencrypted data to the
computer system from card reader interface board 109. An unauthorized
intruder would have to monitor all three buses to attempt to decipher the
encryption codes used and the method by which the security system interacts
with the computer system.

FIGURE 3 also shows the interconnections of the components
on card reader interface board 109. In one embodiment, the card reader
interface board 109 contains a Zilog Z86C6116 processor 220 for controlling
data transfer between card reader 111, hard drive 113, and CPU 290. The
Z86C6116 is an 8-bit data bus, 16-bit time-multiplexed address bus
microprocessor specified in the Zilog Z8 Microcontrollers Book, DC8305-01
(1993), which is incorporated herein by reference. Other microprocessors may
be readily substituted without materially affecting the scope of the present
invention.

Processor 220 controls the transfer of data on card reader
interface board 109 by issuing commands to control ASIC 230. Control ASIC
230 acts as "glue logic," under control of processor 220, coordinating the
operation of data steering network 240, cipher engine 270, and processor 220
to control information transfer between CPU 290, RAM 260, and hard drive
113.

Data steering network 240 is an 8-bit controllable input and
output port circuit designed to allow processor 220 to communicate with
RAM 260 and cipher engine (CE) 270, but to prevent unauthorized access by
a user controlling system bus 292 to retrieve data from RAM 260. FIGURE 5
is a block diagram showing the operation of the data steering network 240.
Data steering network 240 essentially operates as an eight bit wide
bidirectional parallel multiplexer which limits data transfer from processor 220
to RAM 260, or alternatively to CE 270 (and, therefore, potentially to system
bus 292 if port A 274 and port C 278 of CE 270 are connected). Attempts to
read information from the address space assigned to RAM 260 which
originate from the system bus 292 are impossible, since RAM 260 is logically
isolated such that no address space exists from system bus 292 to access
RAM 260.

Returning to FIGURE 3, in one embodiment cipher engine (CE)
270 is an 8-bit NSA certified DES encryption engine meeting specification
DES 3. Such a device is manufactured by Computer Elektronik as part
number CE99C003. Further information detailing the operation of that
embodiment of CE 270 may be found in CE Infosys 99C003 Data Sheet
Version 1.01.

CE 270 is controlled by processor 220 via data steering
network 240 by commands received at port C 278. CE 270 may be instructed
by processor 220 to provide a data path between port C 278 and port A 274
(no encryption) or between port A 274 and port B 276 (DES encrypted data
output from port B 276, and nonencrypted data from port A 274). During
system initialization a data path between data steering network 240 and
system bus 292 is created using port C 278 and port A 274 whereby
nonencrypted data can be transferred under control of processor 220 to system
bus 292 via hard drive controller logic 710. Once user authorization is
verified and there are no pending security violations detected, CE 270 uses a
key to DES encrypt data transmitted by port B 276 to hard drive 113.
Similarly, CE 270 deciphers encrypted data from hard drive 113 and presents
it to system bus 292 via hard drive controller logic 710 when port A 274 to
port B 276 channel is allowed. One skilled in the art would readily recognize
that other cipher engines which conform to the above-mentioned standards and
support data encryption may be substituted without materially modifying the
spirit and scope of the present invention.

RAM 260 is subdivided into secure and open segments by
memory mapping the secure segments such that they are accessible only to
processor 220. This prevents both accidental and intentional loss of secure
information from the RAM 260 to the system bus 292. RAM 260 is
addressable only by processor 220 and contains DES base kernel key
encryption information and answers to verification questions retrieved from
card 115 by processor 220. The open portion of RAM 260 contains the
verification questions retrieved from card 115 and other nonsensitive data.

As can be seen in FIGURE 6, ROM 280 contains loader
program code 610 and verification program code 620 used by the CPU 290
upon initialization to load and execute the verification program. Since
standard BIOS routines attempt to boot from the C: drive the use of ROM 280
in concert with processor 220 and control ASIC 230 to simulate a C: drive
allows the present invention to be used in the standard IBM compatible
personal computer without having to modify the system BIOS (basic
input/output system).

Card 115 is used with card reader 111 under control of
processor 220 to provide the computer system 100 with information
concerning DES key encryption, verification questions and answers, user
access privilege level, expiration date, origin of card issuance, and card usage
history. As in the first embodiment, the preferred card 115 is a MICRO
CARD® or GEMPLUS® card (for example, Scot 100, TB100, or COS IC
cards), which is compatible with ISO 7816. One skilled in the art would
readily recognize that other IC cards which conform to this standard and
provide data encryption and decryption functions may be substituted without
materially modifying the spirit and scope of the present invention.
LOGICAL & PHYSICAL DESTRUCT HARDWARE

Control ASIC 230 also monitors attempted unauthorized
retrieval of data from the protected storage devices and presents information
to processor 220 if control ASIC 230 detects an attempted unauthorized
access. Processor 220 monitors signals from the control ASIC 230 and
commands control ASIC 230 to issue a command to either logically or
physically destroy protected information in RAM 260 or secure hard drive
113. Logical destruction of data on the RAM 260 is accomplished by
asserting trigger signal 211 emanating from processor 220, clearing the
contents of RAM 260. Logical destruction of the sensitive data on hard drive
113 follows naturally, since the DES encryption key synthesis information is
destroyed when the RAM 260 data is destroyed, and, without the DES key,
the information on hard drive 113 is logically irretrievable. Physical
destruction of data can also be accomplished by asserting physical destruct
signal 212 emanating from processor 220, as a means of triggering a physical
destruct package 213. As in the first embodiment, several physical destruct
packages are disclosed in the prior art, such as a ferric chloride spray or
plastic explosive package.

Card reader interface board 109 also contains an extra defense
against physical tampering. In one embodiment, a transistor circuit 210 is
used to rapidly erase the contents of dynamic RAM 260. In such an
embodiment, circuit 210 grounds the power pin of RAM 260 to erase the
contents of RAM 260. In normal operation, trigger signal 211 is not asserted,
thereby allowing the collector of transistor circuit 210 to remain at a voltage
of approximately Vcc. In this mode of operation RAM 260 is powered by the
supply voltage Vcc whereby current travels through diode 261 and fuse 263 to
RAM 260. If power is interrupted the battery 200 provides current to RAM
260 through diode 262 and fuse 263.

When the trigger signal 211 is asserted (by processor 220) the
collector of npn transistor 210 is forced to a low voltage and current flowing
through diode 261 is sufficient to burn the fuse 263, thereby allowing the Vcc
terminal of RAM 260 to drop to zero volts and erasing the logical contents of
RAM 260. Alternatively, if the battery 200 is supplying RAM 260 with
current, the trigger signal 211 will cause sufficient current to flow through
fuse 263 to burn fuse 263, and again, the voltage at the Vcc terminal of RAM
260 will drop to zero volts and erase the logical contents of RAM 260.
Processor 220 can initiate the logical destruct feature if control ASIC 230
alerts processor 220 that an unauthorized access is being attempted.

The logical and physical destruct mechanisms described provide
several different levels of data security. In one embodiment of the present
invention there are five selectable security levels:

1) Freeze the computer system bus, requiring a "cold boot,"
(power off and then on or "reset");

2) Alter the contents of the integrated circuit card so that
the card must be updated to be authorized for another session;

3) Clear RAM 260 of the storage kernel for the encryption
key;

4) Logical destruction of RAM 260 memory, requiring
reinitialization of RAM 260 before another session may be performed on the
computer system; and

5) Physical destruction of computer system memory.

Other security levels are possible and those skilled in the art will recognize
that combinations of these levels of security are possible without departing
from the scope and spirit of the present invention.

INTERFACE BOARD CONTROL & COMMUNICATIONS

Activities on the card reader interface board 109 are
coordinated in part by code "burned into" an internal ROM in processor 220
and in part by execution of an authorization verification program as detailed
below. This allows processor 220 to respond to commands issued by CPU
290 during the authorization verification program execution, yet maintain
security of sensitive data on card reader interface board 109 by acting as a
dedicated controller of sensitive DES encryption data and authorization data.
Processor 220 communicates with control ASIC 230 to control data steering
network 240 and ROM 280, and controls CE 270 using commands issued on
bus 222 to CE 270 via data steering network 240. Processor 220 is solely
responsible for communications with card reader 111, which enhances the
overall security of the present invention since sensitive data is not placed on
the system bus 292 where it is vulnerable to retrieval.

Control ASIC 230 is connected to ROM 280 and data steering
network 240 using bus 223 and is also connected to the monitor and freeze
control lines of CPU 290 which allows control ASIC 230 to "freeze" system
bus 292 upon demand by freezing the system bus 292 if a prohibited access is
detected over the monitor lines. Control ASIC 230 sends a signal to
processor 220's INT interrupt 221 when it freezes system bus 292 to inform
processor 220 that the bus was frozen, since processor 220 is not connected to
system bus 292.

Control ASIC 230 contains a counter (not shown) which counts
the number of "sectors" retrieved from ROM 280 during boot and loading
functions (described below) to simulate a hard drive interface to CPU 290.
Processor 220 is notified by control ASIC 230 when the last byte of program
information is read from ROM 280 by CPU 290. Cipher Engine 270 routing
is controlled by signals from processor 220 to control ASIC 230, and may be
programmed to connect port A 274 to port C 278 to allow processor 220 to
communicate with system bus 292 (and CPU 290), or connect port A 274 to
port B 276 to allow CPU 290 to communicate with hard drive 113 once
security conditions have been satisfied, as detailed below.

FIGURE 4 is a block diagram of the fundamental components
of control ASIC 230. Control ASIC 230 includes a control register 950 with
bits assigned for the control of data steering network 240 and ROM 280 via
control port (CP) 910. These bits control whether bus 222 is connected to
RAM 260 or CE 270 via data steering network 240. Similarly, the control
bits assigned to the control of ROM 280 assist in the simulation of a C: drive
during the BIOS initialization which is detailed below. Control register 950 is
programmed by instructions from processor 220, and the status of the control
bits may be determined by reads from processor 220 of status register 960 via
processor port 980. INT port 900 is also connected to the control and status
registers, and indicates when the system bus 292 is "frozen" when a security
violation is detected as described above.

In one embodiment of the present invention, processor 220
programs registers (not shown) in bus address monitor 930 by transmitting
mask words to these registers via processor port 980. Each mask word
comprises a programmable template identifying authorized peripherals for the
particular user as defined by the card 115 when issued by the security
administrator during the authorization visit, described below in the
SECURITY ADMINISTRATOR AUTHORIZATION VISIT section. Control
ASIC 230 is connected to system bus 292 (as shown in FIGURE 3) via bus
port 920, and can therefore monitor the attempted accesses on system bus 292
and compare them with the templates stored in bus address monitor 930 using
combinational logic 940 to determine if an unauthorized peripheral access has
been attempted. If an unauthorized peripheral access is attempted one
embodiment of the present invention will freeze the system bus 292; secure
computer system 100 remains unusable until a power cycle of computer 100
(to reset computer 100) is performed. Port 920 of control ASIC 230 is
connected to hard drive controller logic 710, as shown in FIGURE 3, in order
to control access to hard drive 113 in a manner known to those skilled in the
art.

Bus address monitor 930 monitors system bus 292 references to
peripheral devices such as serial and parallel ports, networks, and A or B
floppy disks. Bus address monitor 930 monitors normal BIOS references
during initialization, such as reset, warm, or power-up boot, and monitors to
detect attempted prohibited accesses to denied peripheral devices as defined
on card 115 during the authorization visit (see SECURITY
ADMINISTRATOR AUTHORIZATION VISIT section below).
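
The mask-word comparison and bus freeze described above can be modelled in a few lines. This is an added example, not logic taken from the patent: the (mask, value) template format, the 16-bit I/O addresses, the peripheral table (conventional PC port ranges) and all class and function names are assumptions made for illustration.

```python
"""Bus address monitor model. Added example, not logic from the patent."""
from dataclasses import dataclass


@dataclass(frozen=True)
class MaskWord:
    """One template: an address matches when (addr & mask) == value."""
    name: str
    mask: int
    value: int

    def matches(self, addr: int) -> bool:
        return (addr & self.mask) == self.value


# Constructed templates (assumption): conventional PC I/O ranges, 8 ports each.
PERIPHERALS = {
    "COM1": MaskWord("COM1", 0xFFF8, 0x03F8),
    "LPT1": MaskWord("LPT1", 0xFFF8, 0x0378),
    "FLOPPY": MaskWord("FLOPPY", 0xFFF8, 0x03F0),
}


class BusAddressMonitor:
    def __init__(self):
        self.authorized = []       # empty until programmed: deny by default
        self.frozen = False
        self.int_pending = False   # stands in for the INT line to the processor
        self.violations = []       # (address, peripheral) pairs kept for audit

    def program(self, names):
        """Load the templates for the peripherals granted on the user's card."""
        unknown = sorted(set(names) - set(PERIPHERALS))
        if unknown:
            raise ValueError(f"unknown peripherals: {unknown}")
        self.authorized = [PERIPHERALS[n] for n in names]

    def observe(self, addr: int) -> bool:
        """Return True if the bus cycle may complete, False if it is blocked."""
        if self.frozen:
            return False                       # latched until a power cycle
        addr &= 0xFFFF
        target = next((p for p in PERIPHERALS.values() if p.matches(addr)), None)
        if target is None:
            return True                        # not a guarded peripheral
        if any(t.matches(addr) for t in self.authorized):
            return True
        self.frozen = True                     # prohibited access: freeze the bus
        self.int_pending = True                # and tell the processor about it
        self.violations.append((addr, target.name))
        return False

    def power_cycle(self):
        """Reset clears the freeze and the templates; the audit list is kept."""
        self.frozen = False
        self.int_pending = False
        self.authorized = []


def replay(trace, granted):
    """Run a constructed list of I/O addresses through a freshly programmed monitor."""
    monitor = BusAddressMonitor()
    monitor.program(granted)
    return [monitor.observe(a) for a in trace], monitor


if __name__ == "__main__":
    # Constructed trace: COM1, keyboard controller (unguarded), LPT1, COM1 again.
    results, mon = replay([0x03F8, 0x0060, 0x0378, 0x03F9], ["COM1"])
    print(results, mon.violations)
```

Because the freeze is latched, the final COM1 access in the sample trace is blocked even though COM1 is granted, and after a power cycle nothing is authorized until the templates are programmed again.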
DATA STEERING NETWORK 

Data steering network 240 is shown in a simplified block
diagram in FIGURE 5. Data steering network 240 essentially acts as a
bidirectional, eight bit parallel, steerable data channel. Control ASIC 230 can
control whether the eight bit bus 222 from processor 220 is connected to
RAM 260 or CE 270 by decoding the address on bus 222 and selecting input
20 of the data steering network 240. Control ASIC 230 can also disable the
data steering network 240 by toggling enable input 30 of data steering
network 240. This operation also ensures that CE 270 is never directly
connected to RAM 260 via data steering network 240, adding to the
protection of data stored in RAM 260.
TYPES OF CARDS AND THEIR FUNCTION 

There are essentially three types of cards: maintenance, issuer,
and user cards. The maintenance card allows the user to access the system
only for diagnostic purposes, but no sensitive data is accessible using the
maintenance card. An issuer card is the topmost card of the security
hierarchy. It enables the issuing program to configure a plurality of
subordinate user cards. In one embodiment, user cards can create subordinate
user cards and allow the user to access peripherals per privileges granted by
the issuer during card configuration. The user cards enable users to access the
secure information on computer 100.

One embodiment of the security hierarchy is shown in FIGURE
8. Box 500 represents an issuer card called the issuing office card. Box 501
is also an issuer card called the security administrator's card. The issuing
office card 500 is used to create the security administrator's card 501, which
in turn creates subordinate user cards represented as the remaining boxes in
FIGURE 8. In this embodiment, the issuing office card 500 may not access
data in computer system 100; its purpose is to create subordinate user cards,
such as cards 510, 530 and 540.

SECURITY ADMINISTRATOR AUTHORIZATION VISIT

The next section of the specification of the present invention
requires a discussion of the information stored on the user card 115 prior to
the first use of the card 115 by a user. A special card issue program is run on
a computer system 100, as shown in FIGURE 1D, which programs the user
card 115 pursuant to ISO 7816 specifications. This programming is typically
done by a security administrator who is responsible for determining the scope
of authorization of the particular user. Such a session is called an
authorization visit.

The card issue program used to conduct an authorization visit
will store in separate registers located on card 115: expiration date of the
card; the code associated with the issuing office; the peripherals which this
particular user may access with this card; a code identifying the card as a
maintenance card, issue card, or user card; the level of authorization of the
user of the card (see the ACCESS HIERARCHY discussion of FIGURE 8,
below); a series of questions used to identify the user; and their associated
answers.

A "first use" register is also dedicated to indicating whether the
card has been used before to allow the system to identify first use. First use
presents an opportunity to configure computer system 100 by storing in RAM
260 sensitive data pertaining to the specific user. In the event the information
on RAM 260 is erased, the first use register indicates that the card 115 was
used at least once and the user will be required to report to the security
administrator to have the card reissued before secure computer system 100
will accept it.

A retry counter register is also programmed during the
authorization visit which contains a value specifying the number of errors a
potential user can make in answering the user identification questions before
the system terminates the verification process. In addition, certain information
is stored in the card automatically under ISO 7816 specification, such as the
type of card which is being used (for example, MICRO CARD® or
GEMPLUS® cards) and the amount of memory available on the particular
card. One skilled in the art would readily recognize that the information
stored on the card may be stored in other configurations without materially
modifying the scope and spirit of the present invention. For example, the
number of questions may be varied without materially changing the invention.

QUESTIONS AND ANSWERS USED FOR IDENTIFICATION VERIFICATION

A series of questions are posed in a consistent format, and the
answers are recorded to identify a particular user. For example, one question
the user might be asked is: "What is your favorite color?" The user should
respond with a text string entry which matches the prerecorded answer.
Therefore if the user responds: "Blue", but the answer was prerecorded as
"B@L$U*E!", the response will be incorrect and, depending on the value set
in the retry counter, the user may be denied access or allowed to answer
another question. One embodiment of the present invention uses fifteen
questions to identify the user. Such an approach reduces the chance an
unauthorized user can acquire the correct responses through surreptitious
means. It should be obvious that any subcombination of the fifteen questions
may be used for identification purposes. In one embodiment of the present
invention, a random number generator decides the number of questions to ask
(minimum three), and the particular questions selected. However, it is clear
that the number of questions and their selection process may be altered
without materially altering the scope of the present invention.

INITIALIZATION OF THE SECURE COMPUTER SYSTEM

FIGURE 7 shows a flow diagram detailing the procedure by
which the present invention acquires control of the computer for user
identification and verification purposes upon an initialization such as power
up, clear, or warm boot reset. Those skilled in the art will readily appreciate
that minor modifications to the order or exact implementation of the following
steps will not materially modify either the scope or spirit of the present
invention. Upon initialization, at step 704 the standard computer BIOS will
query the computer system to determine the present configuration of the
system. Processor 220 is programmed to monitor and save BIOS routine calls
made by the secure computer system's BIOS during step 704. Control ASIC
230 assists processor 220 in monitoring and memorizing the BIOS routine
calls. The memorized calls are then used as a template for comparison
purposes to ensure that subsequent reboot of the computer system with the
standard operating system conforms with the initial pattern. Such a check
verifies that the system BIOS is, indeed, in control of the subsequent reboot
process. This prevents loading of another system BIOS to bypass the security
system in order to access sensitive data.

As detailed above, the hardware present on card reader
interface board 109 is designed to simulate the presence of a hard drive. At
initialization, CPU 290 executes the standard BIOS routine of loading the first
"one and/or two sectors" from the C: drive. Card reader interface board 109
intercepts the read issued by CPU 290 and directs it to ROM 280. As is
illustrated in FIGURE 6, ROM 280 contains loader program code 610.
Therefore the first one or two sectors of the "C: drive" are read from ROM
280. (Whether one or two sectors are loaded depends on the type of CPU
290, speed of CPU 290, and type of BIOS used by the computer system.)
Loader program code 610 is then executed by CPU 290 to retrieve, at 709, the
remaining "sectors" of ROM 280. Those sectors contain a verification
program (620 of FIGURE 6) used to verify the authorization of the user to
access the system. Control ASIC 230 monitors the loading process, informing
processor 220 at step 712 when the last byte of code is loaded into CPU 290
so that processor 220 is aware that the verification program is about to
execute on CPU 290. Processor 220 then generates, at step 713, unsolicited
card status from card reader 111. Meanwhile, at 714, CPU 290 executes
verification program 620. When unsolicited card status has been retrieved,
processor 220 instructs control ASIC 230 to connect processor 220 to system
bus 292 via data steering network 240, CE 270, and hard drive controller
logic 710 (step 721). Processor 220 then transmits the status of card reader
111 to CPU 290; however, the verification program will loop until unsolicited
card status is received from processor 220 (step 722).

USER AUTHORIZATION VERIFICATION PROCEDURE

At this point, the processor 220 is actually controlling system
bus 292 using handshaking lines, yet processor 220 is responding to requests
made by CPU 290 throughout the execution of the verification program. CPU
290 receives an interrupt indicating that a card was inserted, and whether a
conductive card is present (steps 724 and 728). If no card is present, then a
message to "insert card" is flashed to the operator on display 105 (step 726).
If the card 115 is conductive, then the system bus 292 is frozen and the
verification process is terminated (step 736). If the card 115 is
nonconductive, then power is applied to the card reader 111 (step 729). Upon
powerup, the card 115 issues an unsolicited reset message which is transferred
to the CPU 290 by processor 220 (step 732). Processor 220 resets card reader
111 by holding the RST signal (224 of FIGURE 3) low (active) for a
specified time as defined by ISO 7816-3, and then raises the signal to indicate
end of reset to card 115. Card 115 issues a reset message to processor 220
via card reader 111 which identifies whether the type of card being used is
MICRO CARD® or GEMPLUS® (per ISO 7816, MICRO CARD® and
GEMPLUS® Technical Manuals) (step 734). If the card 115 is not an
acceptable card, then processor 220 freezes the system bus 292 and terminates
the authorization process (step 736). If the card is accepted as potentially
valid then the verification program determines if the card was issued by the
correct issuing office (step 742). The expiration date is also retrieved from
the card by processor 220, but must be sent to CPU 290 because processor
220 does not have a clock/calendar to compare the expiration date (step 744).
If either of the tests in steps 742 or 744 fail, then system bus 292 is frozen by
processor 220 and the verification process is stopped (step 736). If the card
115 meets the previous tests, then CPU 290 instructs processor 220 to read
several questions and their associated correct responses from the card 115 and
load them into RAM 260 (step 746). In one embodiment of the present
invention, the answers are stored in the secure area of RAM 260 and the
questions, which are nonsensitive, are stored in the open area of RAM 260.
The user is then queried for responses to questions read from card 115 and
must answer the questions correctly to gain access to the computer. The first
question is displayed to the user (step 748), an operator response is received
by CPU 290, formatted, sent to processor 220, and compared by processor
220 with the answer stored in the secure space of RAM 260 (steps 752 and
754). A retry counter located in processor 220 is incremented each time an
error is made in answering the questions, and is preprogrammed by the
security administrator to terminate the verification program if the number of
erroneous responses exceeds the preprogrammed value (steps 758 and 736).
This protection is installed to prevent an unauthorized user of a card from
repeated guesses of the correct answers to the posed questions.

After the last question is asked (step 762) the DES encryption
key is calculated (step 764). In one embodiment of the present invention, the
key is calculated using user unique binary information stored on the card 115
and in the RAM 260. This allows the program to calculate unique keys even
if the key generation equation is identical from user to user, since the inputs
identifying each user will be dependent on the answers given by the user, and
therefore, the calculated key will be unique. Another embodiment of the
present invention will have the verification program prompt the user with an
additional question to assist in the key randomization process. Alternate
embodiments of the present invention could insert such a question at any
point in the verification program prior to the key generation step. In one
embodiment of the present invention, the key generation algorithm is given by
the pseudocode shown in TABLE 1:

TABLE 1
BEGIN:
    read the binary data from card 115 associated
    with the prerecorded questions and answers;

    reduce the binary value by powers of nine;

    store the carries generated in a register to form
    a random number;

    exclusive or the random number generated in the
    previous step with data stored in RAM 260 of secure
    computer system 100 to generate 16 strings of 64 bits,
    which will serve as potential keys for encryption;

    load the sixteen keys into CE 270;

    generate a random number between 1 and 15;

    select one of the sixteen keys using the random
    number;

    use that key for encryption purposes;
END.

However, it will be clear to those skilled in the art that other formulas may be
used without materially modifying the spirit and scope of the present
invention.

After the key is generated, it will be loaded, along with an
encryption table, into the CE 270 (step 772), so that the CE 270 will be ready
for encryption if the test of the loading is passed (step 774). If the table is
not loaded correctly, then the verification program will terminate (step 736).
If the table is loaded correctly, the processor 220 reviews the entire history of
the verification sequence (776) to ensure that all of the required tests have
passed (778) before connecting the system bus 292 to CE 270 (782). If, at
778, all required tests have not passed correctly, the verification program is
terminated at step 736. Otherwise, the CPU 290 will then boot from hard
drive 113 in order to execute the disk operating system for secure computer
100 (step 784). Processor 220 monitors this reboot process using control
ASIC 230 to monitor the BIOS routine calls to ensure that the native system
BIOS is properly rebooting the computer from hard drive 113 (step 786). If
any unauthorized accesses are attempted, system bus 292 is frozen and the
verification program terminates (steps 792 and 736). Unauthorized accesses
include: unauthorized access of peripheral (monitored by bus address monitor
930 on control ASIC 230), and attempts to boot from the A: instead of C:
drive (monitored by processor 220), (step 788). If no unauthorized accesses
are detected, the program will allow the user to use disk drive 113 until the
session is terminated by the user via removal of card 115 or system reset (step
794). Once the user is done, system bus 292 will be frozen and the computer
100 must be power cycled (to reset computer 100) before another session can
take place (step 736).
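
The card and question checks of FIGURE 7, together with the history review at steps 776 and 778, can be sketched as a fail-closed sequence. This is an added example, not code from the patent: the Card field layout, the rule that a wrong answer re-asks the same question, the constant-time comparison and all function names are assumptions, and the sample card is constructed.

```python
"""Fail-closed model of the verification sequence. Added example, not the patent's code."""
import hmac
from dataclasses import dataclass, field
from datetime import date

# Tests that must all be recorded as passed before the bus is connected.
REQUIRED = ("nonconductive", "card_type", "issuing_office",
            "not_expired", "questions", "table_loaded")


@dataclass
class Card:                        # hypothetical register layout
    card_type: str
    issuing_office: int
    expires: date
    retry_limit: int               # errors tolerated before termination
    qa: list                       # [(question, prerecorded answer), ...]
    conductive: bool = False


@dataclass
class Outcome:
    state: str                     # "INSERT_CARD", "FROZEN" or "GRANTED"
    failed: str = ""
    errors: int = 0
    history: dict = field(default_factory=dict)


def review(history) -> bool:
    """Steps 776/778: every required test must be present and recorded True."""
    return all(history.get(name) is True for name in REQUIRED)


def scripted(answers):
    """Build a respond() callable that replays a constructed list of answers."""
    it = iter(answers)
    return lambda question: next(it)


def verify(card, respond, *, today, office, accepted_types, table_ok=True):
    if card is None:
        return Outcome("INSERT_CARD")                       # step 726
    history, errors = {}, 0

    def frozen(name):                                       # step 736
        history[name] = False
        return Outcome("FROZEN", name, errors, history)

    if card.conductive:                                     # step 728
        return frozen("nonconductive")
    history["nonconductive"] = True
    if card.card_type not in accepted_types:                # step 734
        return frozen("card_type")
    history["card_type"] = True
    if card.issuing_office != office:                       # step 742
        return frozen("issuing_office")
    history["issuing_office"] = True
    if today > card.expires:                                # step 744, CPU side
        return frozen("not_expired")
    history["not_expired"] = True

    for question, answer in card.qa:                        # steps 748-758
        # Assumption: a wrong answer re-asks the same question.
        while not hmac.compare_digest(respond(question).encode(),
                                      answer.encode()):
            errors += 1
            if errors > card.retry_limit:
                return frozen("questions")
    history["questions"] = True

    if not table_ok:                                        # step 774
        return frozen("table_loaded")
    history["table_loaded"] = True

    if not review(history):                                 # step 778
        return Outcome("FROZEN", "history", errors, history)
    return Outcome("GRANTED", "", errors, history)          # step 782


if __name__ == "__main__":
    card = Card("GEMPLUS", 7, date(1995, 12, 31), 1,
                [("What is your favorite color?", "B@L$U*E!")])
    print(verify(card, scripted(["Blue", "B@L$U*E!"]), today=date(1995, 6, 1),
                 office=7, accepted_types={"GEMPLUS", "MICRO CARD"}))
```

The separate `review` gate is what makes a skipped test as fatal as a failed one: a history that merely lacks an entry is rejected.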
ACCESS HIERARCHY

FIGURE 8 shows one embodiment of a hierarchy of secured
access codes among a multiuser organization. The present invention teaches a
hierarchy coding method used to generate families of access codes which
permit horizontal and vertical segregation of access codes within an access
hierarchy. As shown in FIGURE 8, the access code is designed to allow a
superior of a subordinate user access to the computer of the subordinate, but
only if the superior has access in the same vertical portion of the user
hierarchy. For example, referring to FIGURE 8, user 520 cannot access the
information on user 510's computer (520 is subordinate to 510), but can
access the information on the computers of users 522. However, user 520 has
no access authority over user 550 (no horizontal access privilege), nor does
user 520 have access authority over users 552 (lacking vertical commonality).
A benefit of such organizations of key information is that access may be
limited in an organized and restricted hierarchy. For example, if somehow
security is compromised in the middle branch of FIGURE 8, then the left and
right branches are not compromised.

A vast array of users may therefore be accommodated easily
within the hierarchy shown in FIGURE 8 by dedicating access code words to
each level. In one such embodiment, sixty-four (64) bits are allocated to the
access code word describing 510 level, allowing 2^64 unique codes at 510 level;
sixty-four (64) bits are allocated to the access code word describing level 520,
allowing 2^64 unique codes at the 520 level; and sixty-four (64) bits are
allocated to the access code word describing level 522, allowing 2^64 unique
codes at the 522 level. These bits may be stored on card 115 in dedicated
registers and assigned by the security administrator during the authorization
visit.
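
One way to realise per-level code words with the vertical and horizontal segregation described above is to give each user the code words of its superiors plus one fresh 64-bit word, and to grant access only when the actor's words are a prefix of the target's. This is an added example, not the patent's coding method: the prefix rule, the class and function names, and the placement of user 550 under 530 in the sample tree are assumptions.

```python
"""Per-level access code words. Added example; the prefix rule is an assumption."""
import secrets

WORD_BITS = 64  # one 64-bit code word per level, as in the embodiment above


class Hierarchy:
    def __init__(self):
        self.codes = {}                       # user label -> tuple of code words

    def issue(self, user, superior=None):
        """Give `user` its superior's code words plus one fresh word of its own."""
        parent = self.codes[superior] if superior is not None else ()
        siblings = {c[-1] for c in self.codes.values()
                    if len(c) == len(parent) + 1 and c[:-1] == parent}
        word = secrets.randbits(WORD_BITS)
        while word in siblings:               # keep words unique within a level
            word = secrets.randbits(WORD_BITS)
        self.codes[user] = parent + (word,)
        return self.codes[user]

    def can_access(self, actor, target):
        """True for the actor's own machine and for subordinates in its branch."""
        a, t = self.codes[actor], self.codes[target]
        return len(a) <= len(t) and t[:len(a)] == a

    def exposed_by(self, compromised):
        """Users whose machines a holder of the compromised code could reach."""
        return sorted(u for u in self.codes if self.can_access(compromised, u))


def figure8():
    """Constructed tree: 510 > 520 > 522 in one branch, 530 > 550 > 552 in
    another (the position of 550 under 530 is an assumption), 540 alone."""
    h = Hierarchy()
    for top in ("510", "530", "540"):
        h.issue(top)
    h.issue("520", "510")
    h.issue("522", "520")
    h.issue("550", "530")
    h.issue("552", "550")
    return h


if __name__ == "__main__":
    h = figure8()
    print("520 -> 522:", h.can_access("520", "522"))
    print("520 -> 510:", h.can_access("520", "510"))
    print("exposed if 530 leaks:", h.exposed_by("530"))
```

`exposed_by` shows the containment property the text claims: a leaked code in one branch reaches only that branch's subtree.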

The horizontal separation of users may be easily attained by
including an extra question in the list of queries posed and answered during
the verification program execution. An answer could be predetermined which
would be common among all users in a common vertical group, and which
would segregate them from other users in other vertical groups. For example,
each individual vertical group would be identified by a unique, predetermined
response to the same question. The response could be mapped to a binary
number, which could serve as a consistent offset for purposes of generating
the access code. For example, if a question asked for a favorite sport, the
response "golf" could be used by all members of a particular vertical group to
identify their group.

In one embodiment of the present invention, fifteen (15)
questions are used to identify the user; an extra question is used to identify
the particular vertical branch of the access tree the user resides. These
questions are employed to select the DES encryption keys available to the
user. In this way, the DES encryption key questions serve as a further
randomization of the access code which is user dependent.

Essentially, access information is distributed between the user
(in the preprogrammed responses generated by that user), the card 115
(programmed when the individual is given access authority), and RAM 260
stored on card reader controller board 109. Therefore, in one embodiment of
the invention, the access code is a combination of the user, the card, and the
computer which the user uses. This provides for a high level of security for
the entire system, and requires that the user be re-authorized by the security
administrator every time the user's access privileges are lost due to incorrect
or improper attempted access. In this way, security administrators can control
the access attempts by the users since they are informed each time a potential
security breach is encountered; users must be re-authorized if the
identification information in RAM 260 is destroyed by attempted unauthorized
access.

DESTRUCTION OF DATA 

Logical destruction of the data resident on the various memory
storage devices found on the computer system may be preprogrammed to
occur after a fixed number of failed attempted accesses (see FIGURE 7
discussion of retry counter, step 758). In one embodiment, board 109 goes
further and freezes the system bus 292 to prevent unauthorized retrieval of
sensitive information following detection of a potential security breach. The
data stored in hard drive 113 is logically destroyed when the DES encryption
key is erased since the key cannot be reconstructed by the intruder.
Therefore, if the key information in RAM 260 is destroyed, it is equivalent to
rendering the data stored in hard drive 113 logically destroyed, since without
the encryption key it is undecipherable. In one embodiment of the present
invention, the DES key kernel information stored on RAM 260 is destroyed
by clearing RAM 260 using an algorithm executed by processor 220 upon
detection of attempted unauthorized access, or by grounding the power pin of
RAM 260 using transistor circuit 210 as described in the section LOGICAL &
PHYSICAL DESTRUCT HARDWARE, above. A further hurdle requires that
any user whose card 115 is invalidated by unauthorized access visit the
security administrator to get their card reinstated. Physical destruction of the
data storage media is also possible by asserting physical destruct signal 212
generated by control ASIC 230 under control of processor 220 in the event of
a breach, triggering destruct package 213 designed to physically destroy the
hard drive 113 and RAM 260.

Alternate embodiments of the destruction means of the present
invention are also possible. In one embodiment, the selection of destruction
means and the process by which the destruction methods are invoked are
programmed by altering the code in the internal ROM of processor 220 or by
varying the value of retries allowable on the register of card 115. Therefore,
one embodiment of the present invention is not limiting and does not
materially limit the scope of the present invention.

FIGURE 9 illustrates one embodiment of the present invention
showing a card reader receptacle 820 mounted with a hard drive 810 to
facilitate physical mounting of the card reader and a resident hard drive. For
example, a hard drive 113 can be co-located with a card reader 111 to form a
single unit comprising a secured disk drive as shown in FIGURE 9. This
mounting scheme illustrates only one of several possible embodiments of the
mechanical mounting of the card reader receptacle 820 in the present




invention. Other embodiments illustrating the mechanical mounting of card
reader receptacle 820 are possible without materially modifying the scope of
the present invention.

Those skilled in the art will readily see that the present
invention offers several benefits over other devices including but not limited
to the ability of one embodiment to provide three levels of computer security.
For instance, one embodiment of the present invention provides security in
three distinct ways:

(1) immediately asserting control of the computer system upon
initialization in the form of preboot protection, since the card reader interface
board simulates the C: drive loader code before an intruder can interrupt the
system and thereby immediately takes control of the CPU;

(2) after preboot control is acquired a user verification program is
executed to ensure that the user is authorized to access the computer; and

(3) ongoing monitoring of computer activity as the computer system is
in use, to detect attempted unauthorized accesses using a bus address monitor
and destroy sensitive program and encryption key information before an
intruder can break into the system.

Those skilled in the art will readily appreciate that the scope of
the present invention is not restricted to securing personal computers, but may
be extended to securing other types of computer systems (larger or smaller) or
specific peripherals of both small and large computer systems. Additionally,
the present invention may be employed to secure the digital data stored on
any system which stores sensitive digital information.

The present invention discloses the use of the card reader
interface board 109 in conjunction with hard drive 113. It should be apparent,
however, that the same type of security could be applied advantageously to
control the contents of other nonvolatile memory such as a compact disc (CD)
ROM system, Personal Computer Memory Card International Association card
(PCMCIA card), or streaming tape backup unit. Indeed, the present invention
can be applied advantageously to control access to any peripheral which could
be connected to a computer system. For instance, the present invention could
be applied to secure subsections of mass storage devices, such as partitioned
hard drives or PBX switches. Alternate encryption methods, larger or smaller
data and address buses, alternate integrated circuit cards and readers, and
modifications to the control algorithms employed in the present invention may
also be used without materially altering the scope and spirit of present
invention.

It is to be understood, however, that even though numerous
characteristics and advantages of the invention have been set forth in the
foregoing description, together with details of the structure and function of the
invention, the disclosure is illustrative only, and changes may be made in
detail, especially matters of shape, size, and arrangement of parts within the
principles of the invention, to the full extent indicated by the broad general
meaning of the terms in which the appended claims are expressed.

What is claimed is:

1. A method of operating a computer, comprising the steps of:

a) prior to boot, acquiring control of the CPU;

b) loading a verification program;

c) verifying that the user is authorized using the verification program;

d) prohibiting access to the computer if the user is not authorized;
and

e) providing access to the computer if the user is authorized,
comprising the steps of:

    1) monitoring bus accesses to detect if a user is attempting to
    read or write to an unauthorized peripheral; and

    2) destroying memory contents if unauthorized attempts at
    access are detected.

2. A method of protecting information stored in nonvolatile memory of a
computer system having a system bus, comprising the steps of:

a) providing a plurality of sources of identification information for
identifying an authorized user;

b) restricting access to the computer system by the steps of:

    1) performing preboot control of the computer;

    2) loading a verification program;

    3) reading identification information from the plurality of
    sources;

    4) comparing the identification information read from the
    plurality of sources to verify the authorization of the user;

c) if the user is an authorized user, providing access to the computer
by the steps of:

    1) allowing access to the computer system;

    2) constructing an encryption key from the plurality of
    sources; and

    3) encrypting the information stored in the nonvolatile
    memory using the constructed encryption key; and

d) if the user is not authorized, freezing the system bus such that
another attempt to access the computer requires a powerdown
to reset the computer system.

3. The method according to claim 2, wherein the step of providing a
plurality of sources includes the step of providing identification information
from an integrated circuit card, identification information input from a user,
and identification information resident in the computer system.

4. A method of protecting information stored in nonvolatile memory of a
computer system, the computer system having a central processing unit
(CPU), the method comprising the steps of:

a) providing a computer system with an interface board with a
resident verification program and a loader program for loading the verification
program;

b) restricting access to the nonvolatile memory, wherein the step of
restricting access includes the steps of:

    1) controlling the computer system central processing unit
    (CPU) during initialization and prior to booting the computer, wherein
    the step of controlling comprises the steps of:

        a. monitoring and storing BIOS calls made by the CPU
        during the loading of the verification program;

        b. initiating an initialization of the computer system;

        c. simulating a boot disk such that the CPU loads the
        loader program;

        d. executing the loader program;

        e. loading the verification program; and

        f. executing the verification program, wherein said
        program verifies the identity of the user; and

    2) if the user is verified as an authorized user, allowing access
    by the steps of:

        a. providing access to the nonvolatile memory;

        b. booting the computer system from the nonvolatile
        memory;

        c. monitoring and storing BIOS calls made by the CPU
        during the booting step; and

        d. detecting logical accesses which could compromise
        the security of information stored in the nonvolatile memory,
        wherein the step of detecting logical accesses includes the steps
        of:

            1. comparing BIOS calls stored during the
            loading step with BIOS calls generated during the
            booting step; and

            2. if BIOS calls do not match, freezing the
            system bus, requiring a power cycle of the computer
            system to reset the computer system.

5. The method of claim 4, wherein the method further comprises the
steps of:

constructing a unique encryption key obtained from a plurality of
sources; and

encrypting information stored to the nonvolatile memory using the
encryption key;

and wherein the step 4.2.d.2 of freezing the system bus comprises the
step of logically destroying the data stored in the nonvolatile memory by
destroying the encryption key.

6. The method of claim 4, wherein the step 4.2.d.2 of freezing the system
bus comprises the step of physically destroying the nonvolatile memory,
thereby destroying the data stored in the nonvolatile memory.

7. The method of claim 4 wherein the step of detecting unauthorized
logical accesses comprises detecting unauthorized peripheral accesses.

8. A secure computer system for controlling a user's access to
confidential information stored in nonvolatile memory, the system comprising:

a) a system bus;

b) a central processing unit (CPU);

c) an identification card, containing identification information for
identifying authorized users of the computer system;

d) a card reader for reading identification information from the
identification card; and

e) a card reader interface, connected to the system bus, wherein the
interface operates to assume control of the CPU upon initialization of the
computer system, the interface comprising:

    1) a dedicated data bus for communications with the
    nonvolatile memory;

    2) a dedicated data bus for communications with the card
    reader;

    3) a verification program to be executed by the CPU for
    limiting access to the nonvolatile memory to only authorized users;

    4) a memory storage device for storing user-specific
    information;

    5) an encryption system which encrypts the data stored to the
    nonvolatile memory using an encryption key constructed from data on
    the identification card, data in the memory storage device, and inputs
    from the user;

    6) an input/output bus address monitor circuit for detecting
    attempts to bypass the verification program; and

    7) a memory erasing circuit for destroying encryption key
    information stored in the memory storage device if an unauthorized
    access is detected by the interface.

9. A method for protecting information stored in nonvolatile memory of a
computer, the method comprising the steps of:

a) providing means for interfacing an information bearing
computer;

b) storing individualized questions and answers which uniquely
identify a user on the information bearing card;

c) reading identification information and card information from the
information bearing card;

d) executing a verification routine upon initialization in order to
determine whether the user is authorized to gain access to the protected
information stored in the nonvolatile memory, wherein the verification routine
comprises asking the user the individualized questions and comparing answers
received against the stored answers; and

e) if the user correctly answers the questions, permitting access to
portions of the protected information stored in the nonvolatile memory.

10. The method according to claim 9, further comprising the step of: if the
user does not correctly answer the questions, freezing the computer and
requiring that the computer power be cycled to reset the computer.

11. The method according to claim 9 further comprising the step of
programming the information bearing card with individualized access privilege
information to identify which nonvolatile memory devices the user is
privileged to access.

12. The method according to claim 9, wherein the step of permitting
access comprises the steps of:

a) verifying that the user is privileged to access the information stored
in a first storage device; and

b) if the user is privileged to access the information stored in the first
storage device, permitting access to the protected information stored on the
first storage device.

13. The method according to claim 11 further comprising the step of: if the
user attempts to access information from an unprivileged storage device,
freezing the computer and forcing the user to reset the computer system and
begin authorization verification again.

14. The method according to claim 9, wherein the step of reading further
comprises the step of: incrementing a retry counter if the user incorrectly
answers a question, and waiting for a subsequent user response if the retry
counter has not reached a predetermined value, otherwise terminating the
authorization procedure.

15. The method according to claim 9, wherein the step of reading further
comprises the steps of:

a) reading a card identification code from the card indicating card
type;

b) determining a card type from the card identification code; and

c) if the card is a maintenance card, allowing a user access to the
computer for maintenance purposes, without allowing access to the nonvolatile
memory of the computer.

16. A secure computer providing for the controlled access of internal
devices via a card reader, the computer comprising:

a user input device;

a card reader;

a screen display;

a central processing unit (CPU);

a device containing non-volatile CPU program code;

a CPU system boot ROM;

a plurality of peripheral devices;

a system data bus;

a microprocessor for writing and reading information to and from a
card placed in the card reader, the microprocessor and the CPU
connected through a dedicated data bus;

an encryption engine;

a volatile memory device for storing data retrieved from the card by
the microprocessor;

said CPU system boot ROM including code for instructing the CPU to
start executing the CPU program code in the device so that the CPU
program code in the device takes over control of the CPU, so that
upon a power-up, clear, or warm-boot reset of the computer the CPU
program code in the device obtains control of the CPU; and

said CPU responsive to said CPU program code, to perform an
authorization verification procedure comprising the steps of:

    a) instructing the microprocessor to read a card placed in
    the card reader by a user and obtain at least one
    question from a list of questions stored in the card;

    b) displaying the question to the user on the screen display,
    and waiting for a response from the user on the input
    device;

    c) passing the response to the microprocessor and the
    microprocessor comparing at least one user response to
    a list of correct answers stored on the card;

    d) receiving the results of the comparison by the
    microprocessor and allowing access to the computer if at
    least one user response matches a corresponding correct
    answer;

    e) generating an encryption key from data on the card, data
    stored in the volatile memory device, and responses
    received by the user; and

    f) encrypting all data stored to the plurality of peripherals
    using the encryption key.

17. The computer of claim 16 further comprising:

a security circuit for monitoring attempted unauthorized accesses of the
computer; and

a logical destruct circuit, connected to the security circuit, for
destroying data in the volatile memory device if unauthorized access is
detected by at least one of the microprocessor and the security circuit;

and wherein the microprocessor performs the steps comprising:

    monitoring and storing CPU BIOS routine calls during the
    authorization verification procedure;

    monitoring and comparing the CPU BIOS routine calls during
    the rebooting process to detect control of the system data bus by
    another program; and

    if the BIOS calls stored during the authorization verification
    procedure do not match the BIOS calls monitored during the rebooting
    process, then logically destroying the data in the volatile memory
    device; and

wherein the CPU performs the additional step of incrementing
the value of a retry counter if the user incorrectly answers a question,
and waiting for a subsequent user response if the value of the retry
counter is less than a predetermined value, otherwise terminating the
authorization procedure.

18. The computer of claim 17 wherein the computer further comprises one
or more physical destruct mechanisms logically connected to the
microprocessor for physically destroying data on at least one of the plurality
of peripheral devices.

19. The computer of claim 17 further comprising a physical destruct
output and physical destruct package, the output for triggering the physical
destruction of the secure computer by computer control upon detected
attempted unauthorized access.

20. The computer of claim 17 wherein the key information is generated
from data stored on the card, in the volatile memory device, and from
responses entered in by a user during the verification procedure.
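
The key handling recited in claims 2, 4, 5 and 14, as an added Python sketch that is not part of the patent. The claims name the three key sources but not how they are combined, so the PBKDF2 construction, the hashed stored answer, the retry limit of 3 and every identifier below are assumptions.

```python
import hashlib
import hmac

MAX_RETRIES = 3       # assumed; the claims say only "a predetermined value"
KDF_ROUNDS = 100_000  # assumed PBKDF2 work factor


class InterfaceBoard:
    """Constructed model of the card reader interface's key handling."""

    def __init__(self, card_data: bytes, resident_data: bytes, answer_hash: bytes):
        self.card_data = card_data          # source 1: read from the IC card
        self.resident_data = resident_data  # source 2: held on the interface board
        self.answer_hash = answer_hash      # assumed: card stores a hash of the answer
        self.key = None                     # volatile key storage
        self.retries = 0
        self.frozen = False                 # stands in for the frozen system bus

    def verify(self, answer: str) -> bool:
        """Check the user's answer; construct the key only on a match."""
        if self.frozen:
            return False                    # only a power cycle (new object) resets
        given = hashlib.sha256(answer.encode()).digest()
        if not hmac.compare_digest(given, self.answer_hash):
            self.retries += 1
            self.frozen = self.retries >= MAX_RETRIES
            return False
        # Source 3 is the answer itself; length-prefix source 1 so the two
        # stored sources cannot be shifted into each other.
        salt = len(self.card_data).to_bytes(4, "big") + self.card_data + self.resident_data
        self.key = bytearray(hashlib.pbkdf2_hmac(
            "sha256", answer.encode(), salt, KDF_ROUNDS, dklen=32))
        return True

    def check_boot_trace(self, recorded: list, observed: list) -> bool:
        """BIOS call traces must match, else freeze and destroy the key."""
        if recorded != observed:
            self.logical_destruct()
            return False
        return True

    def logical_destruct(self) -> None:
        """Erase key material; data encrypted under the key becomes unreadable."""
        if self.key is not None:
            self.key[:] = bytes(len(self.key))  # overwrite before dropping
        self.key = None
        self.resident_data = b""            # board-held source is erased too
        self.frozen = True
```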